Monday, May 17, 2010

Facebook identifies hacker selling 1.5 million accounts

17 May 2010

Reports are coming in that Facebook has identified the self-proclaimed hacker who was offering to sell batches of 1000 Facebook accounts - up to 1.5 million in total - and it appears that the Russian hacker was wildly overstating the account numbers.

Weekend newswire reports say that the hacker, who is known as Kirllos, had succeeded in hacking into a number of Facebook accounts, which he planned to sell via online hacker forums.

However Facebook has told reporters that the Russian hacker was significantly overstating his account haul.

Robert McMillan of the IDG newswire quoted a Facebook spokesperson as saying: "We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor."

McMillan says that Kirllos had been selling batches of 1000 accounts at between $25 and $45 a batch.

VeriSign's IDefense operation, meanwhile, says it was able to trace the Russian hacker's internet connection, after he boasted he had as many as 700 000 accounts. Unconfirmed reports, however, suggest that Kirllos only had access to a few thousand Facebook accounts, and that those accounts were obtained where password security was poor or where he had obtained the credentials using phishing and trojan attack methods.

Facebook has said it has handed over the results of its investigation to US law enforcement agencies, although newswire reports suggest that an extradition from Russia - where the hacker lives - is unlikely.

Facebook's apparent openness with the media comes in the wake of a wave of security problems with the social networking services this month, Infosecurity notes.

Unconfirmed reports had suggested that Facebook held a company-wide series of meetings last week to decide how to tackle the privacy issue, although the social networking service has been playing down media reports of its meetings.

According to Ed Rowley, product manager with M86 Security, Facebook is easy to use and this is the main reason why it is so popular.

"It is encouraging to see that they are trying to protect users by adding new security measures, as cybercriminals are so well-organised and well-funded that it is unlikely the platform will remain watertight for long", he said.

"Unfortunately, adding granular security settings to anything involving individual user accounts, including Facebook, can be quite complex. It is likely that many of these security measures will remain options that Facebook users will simply ignore", he added.

Source & Credit : http://www.infosecurity-magazine.com/

Phishing scam hits thousands on Twitter

17 May 2010

A phishing scam is targeting thousands of Twitter users hoping to increase their number of followers.

Spam messages are circulating that claim to contain links to websites that will help Twitter users to increase their number of followers for free.

Instead, the links connect to a phishing page where cybercriminals steal victims' Twitter logins to use them to generate more spam, says security firm eSoft.

The cybercriminals are using a variety of URL shortening services to prevent spam detection on Twitter, said Lee Graves, senior technical support engineer at eSoft.

The shortened links lead to phishing pages capturing the users' Twitter login. The compromised accounts are then used to send more spam and lure in more unsuspecting users.

With a growing number of third-party sites and services available to support Twitter users, they should not give out login information without first verifying the legitimacy of Twitter applications and websites, said Graves.

"Users should look closely at their URL bar to be sure they are on Twitter's site before entering their login credentials," he said.

Twitter users should change their login details if they receive any spam messages promising to increase follower numbers, said Graves.

This article was first published by Computer Weekly

Source & Credit : http://www.infosecurity-magazine.com

Google encrypts Google Search

Following the unintended collection of payload data from open WiFi networks performed by the cars mapping streets for Google Street View, Google claims that there is no reason to worry because they have collected only fragments of payload data.


"Our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks."

They blame the situation on a piece of code that is included in the software used - code that was included by mistake. Google stopped the Street View cars as soon as they discovered the fact, has proceeded to isolate the data in question and is taking steps to delete it suitably. It even decided to stop the cars from collecting any kind of WiFi network data for good.

Google has also decided to view this occurrence as a wake-up call and announced that, starting this week, they will start providing an encrypted version of Google Search. It is still not clear if it will be the default or just an option.

Earlier this year, in the wake of the infamous Aurora attack, Google decided to make HTTPS access for Gmail a default, and the Gmail Engineering Director commented at the time that "using https helps protect data from being snooped by third parties, such as in public wifi hotspots. We initially left the choice of using it up to you because there's a downside: HTTPS can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data. Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do."

Obviously, the time has come when security is starting to be more important than cost or a small increase in waiting time.

Source & Credit : http://www.net-security.org/

Sunday, May 16, 2010

How to stay safe on Facebook

PRIVACY and security must be dirty words at the Facebook HQ at the moment as the world's largest social media network comes under fire for its privacy policy that has left users exposed and vulnerable.

Amazingly, it was reported that Facebook's privacy policy is a whopping 5,830 words long, even more verbose than the Constitution of the United States which reads at 4,543 words.

Here are some of the precautions you need to take to stay private and safe:

Make friend lists

Categorise your “friends” into various groups according to what information you want them to have access to, from “Work Friends” (minimal access) to “Acquaintances”, “Family” and “Close Friends” (full access).

Restrict access to profile

To prevent strangers from accessing your page, it is advisable to allow “Only Friends” to access your profile.

Remove your address and phone number

This may be useful information for your real friends and family but imagine what will happen if the information falls into the wrong hands.

Remove your full birthdate from your profile

Identity thieves can use it to obtain more information on you and even gain access to your bank or credit card account. If you want to remind your friends about your birthday, remove the year.

Be careful when registering for new applications

It is all fun and exciting to try out new games and quizzes but what many don't realise is that you may unknowingly be sharing all your information with the developers who can then sell your data or spam you.

Go to “Privacy Settings” and tick “Applications”, followed by “Settings”. Uncheck the boxes for the personal information that you do not want them to obtain.

Still, according to the security website CSO (Chief Security Officer) Online, Facebook users unwittingly expose themselves to five dangers that might be beyond their control: their information is shared with third parties; their privacy settings revert to a less safe default mode after each redesign; malware from Facebook advertisements; fake profiles from scammers; and real friends who unknowingly make them vulnerable.


Source & Credit to : http://thestar.com.my

New security features and roadblocks to be added

Sunday May 16, 2010

Facebook is launching new security features to combat cyber attacks, scams and spam, according to foreign news agency Associated Press.

The new security features come as the giant social network site faces growing criticism over the way it handled users' privacy - in which users are pushed to share more about themselves with one another and the outside world.

Facebook is said to be a magnet for Internet criminals looking to steal users' passwords and other personal information.

Under the new security measures, users will reportedly be able to request notification by e-mail or text message when their account is accessed from a computer or mobile device they have not used before.

However, for those who travel a lot, Facebook assures that their log-in attempt can be done without any hassle.

Facebook says that it also plans to add roadblocks for any “unusual” activity detected, such as simultaneous log-ins from opposite sides of the world.

A proposed notification method, it was reported, is that users will be shown a photo with their friends tagged and be asked to correctly identify who they are before the second log-in goes through.

Users will also be able to check where the latest log-ins have come from. This is similar to a feature Google offers on its Gmail service, where users can view the date, time and location of the most recent log-ins to their account.

However, some of these changes are still being tested, so the new features will be rolled out gradually over the next few weeks, says Facebook.


Source & Credit to : http://thestar.com.my

The big bad web

Sunday May 16, 2010

By HARIATI AZIZAN
sunday@thestar.com.my

The Internet poses various safety issues and Facebook's latest privacy gaffes make it even worse.

A JEALOUS husband murders his wife after becoming enraged that she had changed her Facebook status to single.

It may sound like a Hallmark movie-plot but last year alone saw a few similar incidents around the world. And this does not include the harassment, threats or legal suits that Facebook members faced over their postings.

Risks without borders: The privacy policy of giant social media network Facebook has come under fire as it exposes users to malicious attacks and cyber crimes. - Picture posed by model

After Edward Richardson, 41, stabbed his estranged wife Sarah Richardson, 26, to death - the third of such homicide cases in the United Kingdom over 12 months - British authorities were quick to highlight the importance of social media literacy.

Crimes of passion are nothing new but social networking may just have changed the variables. And while Facebook is in no way to be blamed for the violence - she could have used MySpace, Meebo or any other social network - this case is an undeniable example of how increased connectivity, the speed with which information is transmitted, and privacy controls are changing our world.

The main question thrown up in discussion groups was whether Richardson fully understood how Facebook worked.

Was she aware that by changing her status, her estranged husband would instantly receive a post on his Facebook newsfeed? Did she know how to exclude him from such updates if she had wished to?

Malaysia has not recorded any similar cases yet, but with reportedly 2,619,040 Malaysians registered on Facebook, there may be cause for concern.

"Many who go to social media networks do not realise the consequences of how they act and what they say on the Internet will have on themselves, their families and friends" - ASSOC PROF DR KHAIDZIR ISMAIL

As psychologist Assoc Prof Dr Khaidzir Ismail from Universiti Kebangsaan Malaysia highlights, many of the Malaysians who go to social media networks do not realise the consequences of how they act and what they say on the Internet will have on themselves, their families and friends.

“The Internet is a good outlet for people to express themselves and socialise. However, many, especially the young, do not have the skills or etiquette to know how to behave on the social media networks. One problem is that many are IT illiterate,” he says.

Worse, the latest Facebook privacy scandals may make the existing security worries so 2009 for many users.

New privacy issues

While many were still grappling with how to find their way around the social media network and manage their personal information on it, Facebook introduced new privacy settings at the end of last year.

Too personal: Over the past six years, social networking has been Facebook's stand-out phenomenon, linking up more than one billion people eager to exchange videos, pictures or last-minute birthday wishes. - Reuters

The changes made more private data public by default as users are given the responsibility to opt out if they want to keep their information private, or share it only with a trusted group of friends.

They caused a lot of confusion and many users were unaware that their personal information was available to everyone.

Another Facebook glitch recently further highlighted the vulnerability of its users - estimated to be more than 400 million people worldwide - as the malfunction made it possible for people not friended by Facebook users to access their personal information, including chat conversations, friend lists and more.

Unsurprisingly, censure mounted from the authorities worldwide - US senators reiterated their public calls for Facebook to rethink its privacy safeguards; the American Civil Liberties Union launched a petition against its founder Mark Zuckerberg and European data protection officials slammed the privacy changes.

It also caused a backlash among the tech-savvier user community and technology industry.

A number of high-profile users reportedly deleted their Facebook accounts while other irate users have launched an online campaign to make June 6 a “No Facebook Day”.

This has led to a crisis meeting at the Facebook headquarters last Friday, as it took steps to address the problems. Subsequently, tighter security measures were announced to protect its users' personal information.

However, as Facebook stressed in the press, in its bid to calm the furore over its privacy policy, the first line of defence is the user.

Chief executive officer of CyberSecurity Malaysia - the national cyber security specialist centre under the purview of the Science, Technology and Innovation Ministry (MOSTI) - Lt Col Husin bin Haji Jazri (Retired) concurs, saying in an e-mail interview that users have to practise safe behaviour on Facebook and anywhere else online.

Security upgrade

According to the Malaysian Computer Emergency Response Team (MyCERT), there were more than 150 complaints of cyber security breaches last year.

While this included cases of identity theft, hacking and cyberstalking, there were also reports of personal data abuse by estranged dating or married couples who have access to their partners' personal information.

As MyCERT chief Adli Abdul Wahid revealed to a local Malay language daily at the last Computer Security Day celebrations, they have received complaints from Internet users who have found their contact details - with offers of sex service - posted on public toilet walls and Internet forums as well as circulated via e-mail to strangers.

A quick e-mail survey by Sunday Star, however, shows that most Malaysians know how to protect themselves on the Internet, especially on social media networks like Facebook.

An IT executive who only wants to be known as Davina K. is among those who feel that the world's biggest social network needs to review its privacy policy.

“Most of us got onto Facebook to keep in touch with friends and family overseas or reconnect with old schoolmates. But now instead of connecting with them, half the time we have to monitor our privacy setting to make sure that our personal information is safe. It is taking the fun out of socialising,” she says.

Many, like engineer J. Tan, say that they have always been very careful about what they put on their profile page in Facebook.

“I like Facebook because it keeps me in the loop with what my friends and family are doing without me having to speak to them at all. But I am careful about sharing personal details with strangers. There is always the danger of your details ending up on public toilet walls, right?” he says.

Media executive Adibah A. is another who keeps a tight rein on what personal information gets out.

“I don't simply disclose information that I don't want people to know of. To me, it is better to be careful than sorry later. People can always spam my inbox with marketing flyers and any other junk. To protect my privacy, I am very selective of the information shared among friends.”

When audio visual (AV) designer Ruza Jajuli realised how her work and family were spilling into Facebook, she quickly made a list of “close friends”.

“There are things I would not like to share with them (family or office mates) as I wouldn't in 'real' life, so I created a list for the people who I do not want to see my 'crazy' pictures or comments,” she shares.

The fear of having her personal secrets being abused by others, including those who she counts as friends and acquaintances, is why regular Internet user Melissa K. is swearing off Facebook.

“You can say I am a bit paranoid, but I am now careful after a not-so-nice separation from my ex many years ago. He saved everything I said in anger (on voicemail, e-mail and SMS) and gossiped using it.”

Lt Col Husin advises those who have been threatened or victimised to lodge a police report.

“Then the police will do the necessary investigation and determine whether or not a crime has been committed. After which, law enforcement authorities (like the police) will determine if further action can be taken on the said person,” he says.

More importantly, with Facebook being so open, it is vital that users take safety precautions should they start interacting offline with those they meet online.

Just last week, an inquest hearing in the UK revealed how one former army warrant officer Stewart Shaw stabbed his partner Julie Sudlow - whom he had met on Facebook - after their whirlwind romance went sour.

As reported in British daily The Telegraph, the testimony of the investigating officer showed that Sudlow soon discovered that the man she was seeing was not the same as the man she had met on Facebook.

He became violent with her and when she called the police on him, Shaw lost his temper and accused her of ruining his life before murdering her in rage.


Source & Credit to : http://thestar.com.my

Tuesday, May 11, 2010

Security Management Dialogue by CyberSecurity, Office of the Chief Government Security Officer of Malaysia

11 May 2010, 18:57 PM

KOTA KINABALU, 11 May (Bernama) -- Information is a valuable asset today, and the loss of important and critical information can cripple an organisation's operations, according to CyberSecurity Malaysia.

Organisations are now targets for cybercriminals, and any attack or sabotage carried out, whether it is noticed or not, can threaten and undermine national security.

In this regard, CyberSecurity Malaysia, together with the Office of the Chief Government Security Officer of Malaysia, today organised the Dialogue on Protective Security Management of Key Targets and the Awareness Workshop on Implementing the Information Security Management System (ISMS) for the Sabah and Federal Territory of Labuan Zone.

The Director-General of the Office of the Chief Government Security Officer of Malaysia, Datuk Haji Johari Haji Jamaluddin, said the main objective of the dialogue and workshop was to raise awareness of the importance of implementing ISMS certification among organisations identified as Critical National Information Infrastructure (CNII).

"In addition, this dialogue and workshop are being held so that the CNII organisations involved can identify the scope of ISMS certification as well as their products and services that are critical to society and the nation."

"The Ministry of Science, Technology and Innovation (MOSTI) carried out a study to establish the National Cyber Security Policy in 2005, with the aim of assessing and addressing the risks that CNII will face", said Johari.

According to him, the policy, which was accepted for implementation in 2006, outlines an action plan that needs to be carried out to reduce the risk of cyber threats to CNII, including identifying the right cyber security measures, developing a comprehensive cyber security programme and a framework for protecting CNII.

Meanwhile, CyberSecurity Malaysia Chief Operating Officer Zahri Yunos said the National Cyber Security Policy was formulated as a comprehensive and integrated approach to preserving the nation's e-sovereignty and addressing cyber security issues, particularly those affecting the Critical National Information Infrastructure.

"The policy defines Malaysia's CNII as assets, systems and functions that are vital to the nation, where any disruption or destruction would have an adverse effect on the economy, the nation's image, security and defence, the government's ability to function, and public safety and health.

"One of the main focuses of this policy is compliance with and adoption of information security standards by CNII agencies or organisations", he said.

-- BERNAMA

Source and credit : http://www.bernama.com/

The dangers of webcams

Submitted by mala on Tuesday, May 11th, 2010
Tuesday, May 11th, 2010 15:10:00


Webcams might be a necessary piece of equipment for video-conferencing and a useful add-on to free voice-over Internet services like Skype.

However, they present a number of challenges to parents who want to protect their children's privacy.

As parents are naturally concerned about their children communicating with strangers in any medium, when you add a camera into the mix - whether it's taking still photos or video - you edge quickly from the merely icky into the possibly illegal.

Plainly put, you have to make sure your child isn't going to end up in communication with a child predator.

The best way to prevent that is by making sure that your Webcam is in a common area, and only to be used when there's a parent or other responsible adult nearby.

A second and subtler risk is that hackers may be able to install software on your Internet-connected camera that allows them to access and control it remotely. Last, using a service like Skype may expose you to contact requests from spammers.

With that in mind, The Malay Mail presents (courtesy of Trend Micro), some tips for safer Webcam use:

1. Shut off the camera and cover it with a lens cap when you aren't using it.

2. Keep the camera in an open space, like a living room, rather than allowing your kids to use it in private.

3. Don't let your child use the camera to communicate with anyone who isn't a peer or who they don't know personally.

4. Remind your child not to respond to IMs, emails, or contact requests from unknown people.

5. Keep any private information away from the camera. For example, don't position it so that your house number is in the frame.

Source & Credit : http://www.mmail.com.my

Think twice about security

Tuesday, May 11th, 2010 14:34:00

MALAYSIANS are complacent when it comes to their online security. About 60 per cent of Malaysians were found to have inadequate protection, such as software older than two years, relying purely on freeware or no protection of any sort.

It is worrying, considering the trends noted in the recently released Internet Security Threat Report Volume XV by Symantec (see sidebar).


BE SAFE: Freer advises caution on information put up online — Pic: ASHRAF SHAMSUL AZLAN

"Malaysia retains the same ranking as it did last year, which has it sitting in the middle of the scale. The thing to keep in mind is that the scale has blown up immeasurably, so you're sitting in the centre of an even bigger storm," said Symantec vice-president of consumer business (Asia Pacific and Japan) David Freer, who was in town recently for a media briefing of the report's findings.

He added that the number of attacks detected by Symantec for 2009 was more than the number of attacks dealt with by the company in the last 19 years combined.

Freer stressed that updating security software is critical because of the advancements and changes in the way cybercrime is conducted. Software released even a year ago cannot combat the latest manifestations of malicious code.

Of the trends highlighted, attacks targeted at websites and social networking sites saw the biggest jump. Drive-by downloads, in which normal sites are infected with malicious software, are popular, along with dummy sites which prey on unsuspecting users' curiosity on issues such as Michael Jackson's death or the 2010 World Cup.

Social engineering plays a big part in cybercrime, with social marketing concepts and targeted approaches to drive traffic to malicious sites. The increase in attacks on social networking plays on users' trust when operating on such platforms.

"Five years ago, people would say 'don't click on emails from people you don't know', and it's the same thing here. Be wary of accepting what your friends post on your wall because it might not be from them. The problem is that these networking sites are a huge trust environment," said Freer.

So what do these cybercriminals do once they get access?

"If you're an individual, the cybercriminals are looking for bank account details, login information, email accounts, credit card details or websites that you frequent," said Freer, adding that contrary to popular belief, cybercriminals pay the most for email accounts and not credit card details.

"Where do you reset all your passwords to? Whenever you change your banking details, you do it via email or get it sent to your email. So your email account is valued more than your credit card details," explained Freer.

After the cybercriminals get the cash, they then turn to a new trend -- the use of cybermules to launder the money.

Job ads which advertise the benefits of working from home are one method of recruitment. Unsuspecting people are asked to either transfer money via their accounts and get paid or asked to accept online purchases and forward them on.

"You're seeing a lot of real world methodologies being incorporated into crime online. There's a lot of money being made and there's almost no risk as it is very hard to get caught. They never target the country they are based in and play the jurisdiction game well," said Freer.

Internet Security Threat Report volume XV Highlights

The report, which highlights key trends in cybercrime from Jan 1, 2009 to Dec 31, 2009, noted the following:

  • The easy availability of attack toolkits makes cybercrime easier than ever. As stated in the Symantec Report on Underground Economy released last year, the highest-priced attack tool, on average, was botnets, which sold for an average of US$225.
  • An increase in the number of targeted threats focused on enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to make socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.
  • Web-based attacks continued to grow unabated. Today's attackers leverage social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim's Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 per cent of observed Web-based attacks. This is a sizeable increase from the 11 per cent reported in 2008.
  • Malicious activity takes root in emerging countries. The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.

How much is your information worth?

Here's a quick breakdown of the value of items sold in the underground economy in US dollars (US$1 = RM3.2):

  • E-MAIL ACCOUNTS: $15
  • FULL IDENTITIES: $10
  • CREDIT CARDS: $0.98

Four tips for a safer online experience

1. Think twice before you put anything up on the Internet. Act as though that information is public knowledge because that is where it can potentially end up.

2. Be very careful who you accept as a "friend" on social networking sites.

3. Be very wary of Scareware - malware parading as security software. If it is not from a reputable company, do not download or accept it.

4. Ensure that you have a comprehensive and pro-active security suite installed on your computer.


Source & Credit : http://www.mmail.com.my

Monday, May 10, 2010

Identity theft cases among internet users continue to rise

By Mohd Anwar Patho Rohman
wananwar@bharian.com.my
2010/05/06
Customers found to be unaware that the bank website they visited was fake

KUALA LUMPUR: A total of 446 of the 1,329 internet intrusion cases reported in the first quarter of this year involved attempts to steal internet users' identities, including the usernames and passwords of internet accounts.

Dr Solahuddin Shamsuddin, Head of the Quality Control Management Services Division at Cyber Security Malaysia, said the figure was a 52 per cent increase over the same period last year, which recorded 214 cases.

He said the attempts to steal internet users' identities were related to intrusions into bank customers' account information, particularly to steal secret usernames and passwords.

“Fraud occurs when bank customers do not realise that the bank website they are visiting is fake, because it has features almost identical to those of the genuine website.

“When they enter their username and password on the fake website, their personal and account information can be stolen by hackers and then manipulated for various fraudulent purposes, including withdrawing the victim's money,” he said during a talk session held in conjunction with the launch of the computer protection product Kaspersky PURE here yesterday.

Kaspersky PURE is a product capable of protecting computers against intrusion and interference, including antivirus and control over the internet, applications, passwords, login credentials, personal information and the operating system.

When met after the event, Solahuddin said that, based on Cyber Security Malaysia's investigation, the fake bank websites visited by the victims were based overseas.

He said that on receiving a complaint about an internet intrusion, Cyber Security Malaysia, through the Malaysian Computer Emergency Response Team (MyCert), reports it to the response team in the country identified as the intruders' base so that the internet service provider's (ISP) service is cut off.

“We are usually able to stop these internet disruptions quickly thanks to Malaysia's good relations with countries that have teams like MyCert,” he said.

Meanwhile, Solahuddin said 80 per cent, or 504 of the 1,329 internet intrusion cases that his organisation takes seriously, involved website defacement, including of sites belonging to government agencies.

He also said a total of 3,564 internet intrusion cases were reported throughout 2009, of which 1,766 involved intrusions into systems, while attempts to steal internet users' identities accounted for 1,022 cases.

“We take website defacement seriously because it disrupts the operation of the affected agency's internet systems and the access and browsing process, and also causes confusion among users,” he said.

Source & Credit : http://www.bharian.com.my/

Wednesday, May 5, 2010

BUSINESSES, GOVERNMENTS AND CONSUMERS MUST WORK TOGETHER TO SECURE CYBERSPACE, SAY PRIVATE- AND PUBLIC-SECTOR LEADERS

FOR IMMEDIATE RELEASE
May 3, 2010

DALLAS. May 3. Cybersecurity demands cooperation from all sectors and all users, said leaders from businesses and governments at an EastWest Institute dinner in Dallas. A panel of experts called on all parties to share information and coordinate efforts to reap the benefits of the digital economy while avoiding its dangers.

"Cybersecurity is the responsibility of everyone," said Teri Takai, California's Chief Information Officer. "The most critical threat is us. We have to be sure that we're using the technology correctly and we're protecting it."

A crucial issue is attribution, according to Michael Dell, Chairman and Chief Executive Officer of Dell, Inc. "We have an enormous number of bad actors who are able to be completely anonymous," he said. "Can you think of any secure system where people can operate anonymously?"

Both public and private sectors have a critical role to play to secure cyberspace, the panel suggested. "Industry has a responsibility to share its best practices," said Melissa Hathaway, former Acting Senior Director for Cyberspace on the U.S. National Security Council, while Dell stressed the need for public sector leadership. "It's not a decision for any individual or a business to make," he said. "It's a societal decision."

Phillip Reitinger, Deputy Undersecretary at the Department of Homeland Security, emphasized the need for a longer-term focus on the issue. "I fear that we're going to let the urgent overtake the critical," he said, arguing for a thoughtful, sustained cybersecurity initiative.

Dell echoed the need to avoid knee-jerk policies. "It's important not to demonize the technology," he said. "The vast majority of people using the Internet are good people."

Panelists agreed that the consequences of inaction are dire. "If we let our attention waver for a second, we will be in a world of hurt -- now and in the future," said Reitinger.

Monday, May 3, 2010

Contractor fined for 'breaking into' Finance Minister's e-mail account

PUTRAJAYA, 3 May - Using his knowledge of computers, a contractor managed to break into the Finance Minister's e-mail account on the website www.treasury.gov.my.

The 28-year-old man then impersonated the Finance Minister by sending e-mails to two Ministry of Finance officers in order to obtain project tenders or business opportunities.

However, the alertness of the ministry's officers kept them from being deceived by the 'fake e-mails', sparing the ministry damage to its credibility and financial loss.

Today, the man paid the price when he was fined RM12,000 by the Sessions Court here after pleading guilty to two charges of breaking into the e-mail account and then impersonating the Finance Minister.

According to the charge, Muhammad Rashid Narayanan was accused of gaining unauthorised access to the e-mail account ybmk@treasury.gov.my on the website www.treasury.gov.my by impersonating the Finance Minister, with intent to cause loss to the ministry.

The offence was alleged to have been committed at the Ministry of Finance Complex here at 9.42 am on 12 April.

On the second charge, the man, whose address is at Jalan Lengkok Abdullah, Bangsar, was also accused of committing the same act at the same place and on the same date.

Both charges were brought under Section 4(1)(a) of the Computer Crimes Act 1997, which provides for a fine of RM150,000 or imprisonment of not more than 10 years, or both.

Judge Suzana Hussin imposed a fine of RM6,000 or 10 days in jail for each charge on Muhammad Rashid, who is the first accused to be sentenced under that section.

According to the facts of the case, the accused sent the first e-mail to the e-mail address of the Secretary of the Procurement Division, Ministry of Finance, Datuk Fauziah Yaacob, asking for the officer's mobile phone number.

The second e-mail was sent to the e-mail address of Fauziah's personal assistant, Zaleha Yusof, and claimed, among other things, that he (the Finance Minister) was in the United States at the time and asked her to attend to a request from 'his man', who would look for her regarding business opportunities.

Both e-mails also stated that they were confidential and must not be disclosed to anyone.

The accused was then alleged to have contacted Zaleha, introducing himself as Adam from the company Rectro Sdn. Bhd., who wished to check on a tender.

Investigations with a telecommunications company showed that the call was made from the accused's mobile phone, and a check with the Companies Commission of Malaysia found that the accused's wife, Yusliza Abdul Rahim, is a member of Rectro's Board of Directors.

Earlier, in mitigation, Muhammad Rashid, who was not represented by counsel, asked for a light sentence and promised not to repeat the offence.

Deputy Public Prosecutor Nahra Dollah, who conducted the prosecution together with Hamidi Mohd. Noh, asked for a commensurate sentence because breaking into the Finance Minister's e-mail account could cause the public to lose trust in the security of the ministry's website.

The prosecutor stressed that the intrusion tarnished the name of the Finance Minister, who is also the Prime Minister, because it made it appear as though the country's leader gives projects to people he knows.

The accused was released after paying the fine.

Source : http://www.utusan.com.my/utusan/info.asp?y=2010&dt=0504&pub=Utusan_Malaysia&sec=Mahkamah&pg=ma_03.htm

Sophos's recommendations for Facebook settings

Introduction

ID fraudsters target Facebook and other social networking sites to harvest information about you. Here's how we recommend you set your Facebook privacy options to protect against online identity theft.

How to adjust your settings

This guide walks you through Sophos-recommended privacy settings in Facebook, and shows you how to set more secure levels of privacy and reduce the chance of becoming a victim of online identity theft.

General security tips for Facebook

Adjust Facebook privacy settings to help protect your identity

Unlike some other social networking sites, Facebook has provided some powerful options to protect you online - but it's up to you to use them!

Read the Facebook Guide to Privacy

At the very bottom of every page on Facebook, there's a link that reads "Privacy." The linked page is "A guide to privacy on Facebook," which contains the latest privacy functions and policies. For example, with the latest changes in December 2009, Facebook discloses what it calls "Publicly available information." This is information that is publicly viewable to anyone visiting your profile, and includes sensitive information like your name, current city and gender.

When in doubt, use the "How others see you" tool on Facebook's privacy guide to check and make sure your privacy settings are properly set.

Think carefully about who you allow to become your friend

Once you have accepted someone as your friend they will be able to access any information about you (including photographs) that you have marked as viewable by your friends. You can remove friends at any time should you change your mind about someone.

Show "limited friends" a cut-down version of your profile

You can choose to make people 'limited friends' who only have access to a cut-down version of your profile if you wish. This can be useful if you have associates who you do not wish to give full friend status to, or feel uncomfortable sharing personal information with.

Disable options, then open them one by one

Think about how you want to use Facebook. If it's only to keep in touch with people and be able to contact them then maybe it's better to turn off the bells and whistles. It makes a lot of sense to disable an option until you have decided you do want and need it, rather than start with everything accessible.


source : http://www.sophos.com/security/best-practice/facebook/

Safety tips on blogging

Recent studies show that teenagers write roughly half of all blogs today, with two out of three providing their age, three out of five revealing their location and contact information, and one in five revealing their full name.

There are potential risks in sharing this type of detailed personal information. And, as more young peers create more blogs, they tend to compete increasingly with each other for attention. Sometimes this can lead to kids posting inappropriate material such as provocative pictures of themselves or their friends.

A quick blogging primer for parents

Although keeping a blog offers potential benefits, including improved writing skills and communication, it's important to educate your kids about the Internet and blogging before they begin, much like completing driving school before hitting the road solo. Here are a few suggestions to get started:

  • Establish rules for online use with your kids and be diligent.
  • Screen what your kids plan to post before they post it. Seemingly innocuous information, such as a school mascot and town photo, could be put together to reveal where the author goes to school.
  • Ask yourself (and instruct your kids to do the same) if you are comfortable showing any of the content to a stranger. If in doubt, have them take it out.
  • Evaluate the blogging service and find out if it offers private, password-protected blogs.
  • Save the Web address of your child's blog and review it on a regular basis.
  • Check out other blogs to find positive examples for your kids to emulate.

Basic guidelines for bloggers

The following tips are a good place to start for kids interested in blogging, although by no means comprehensive. It's a good idea for parents to add more guidelines to suit their family's particular needs. Start by telling kids that they should:

  • Never offer any personal information including your last name, contact information, home address, phone numbers, school's name, e-mail address, last names of friends or relatives, instant messaging names, age, or birth date.
  • Never post provocative pictures of yourself or anyone else, and be sure any images you provide do not reveal any of the previously mentioned information. Always remember to look at the background of a picture too.
  • Assume what you publish on the Web is permanent. Anyone on the Internet can easily print out a blog or save it to a computer.
  • Use blogging provider sites with clearly stated terms of use, and make sure they can protect the actual blogs, not just the user accounts, with password protection. (Even so, it's better to assume anyone can see it.)
  • Avoid trying to "outdo" or compete with other bloggers.
  • Keep blogs positive and don't use them for slander or to attack others.
Source : http://www.microsoft.com/protect/parents/social/blogging.aspx